While most users are by now aware of the potential risk for infection inherent with opening applications sent over the Internet, fewer are aware of the risks that can come from documents.
Seth Hardy, senior malware analyst for the threat research and response team at
Symantec and part of
MessageLabs prior to Symantec’s purchase of the company, addressed the security challenges of documents in a session Wednesday at the
SecTor Security Education Conference in Toronto.
“The problem with documents is that they greatly outnumber applications, and we just can’t get rid of them – we need them to do business,” Hardy said. “And in many cases, we’re convinced that certain types of documents are safe.”
Hardy focused on the two most major document types in the wild, those built around Object Linking and Embedding (OLE), and PDF files.
OLE files include most
Microsoft Office documents and some versions of
WordPerfect, as well as Windows Installer (.msi files). Although the risks of malicious macros have been well publicized, and many users are now taught to avoid running any unexpected macros, there are other risks as exploits can be taken advantage of to insert malicious code or run applications right in the document. Hardy said there have been seven attacks this year based on known OLE faults. Those can be defeated through patching, but therein lies the problem. Other challenges include the fact that scanning for these exploits can be very difficult, as in some cases only a few bytes separate the good from the bad.
